Security Terms (NS Terms)
Published: 2015-05-12

In the context of information systems, "security" means protecting the resources of an information system from accidental or deliberate misuse, disclosure, modification or destruction, whether by a user of the system or by an outsider. A resource can be:

- any hardware component in the system, for example a printer, a server or a communication link;
- any software component in the system;
- any data in the system.

Users of the system are the people or groups of people who have access to its hardware, software and data. With this as a simple context, we can define some common terms used in information systems security.

Access control: A cornerstone of security is the ability to determine who can use which networks, systems and data. Control is exercised by a login mechanism that first authenticates the user and then checks each request against policy. Access control lists (ACLs) record which users or groups may perform which operations on specific data and programs; a sound ACL is default-deny, so anything not explicitly listed is refused. Access codes are passwords: series of characters or numbers that a user presents to prove identity. They are an authentication factor, not the access decision itself.

Accountability: An essential ingredient of a security system is the ability to determine who performed any given action and which actions occurred during a specific time interval. This requires that every user has a unique identity (shared accounts defeat accountability) and that security-relevant actions, including failed attempts, are written to audit logs that the users themselves cannot alter. Intrusion detection and network auditing tools then trace violations or attempted violations of computer security to individuals, who can be held responsible.

Administration: Personnel responsible for administering computer security define security parameters, maintain and monitor security systems, and modify policy information.

AES (Advanced Encryption Standard): In 1997, the National Institute of Standards and Technology (NIST) announced its intention to develop a Federal Information Processing Standard (FIPS) for a new encryption method to replace the 20-year-old Data Encryption Standard (DES). The call was open: fifteen candidate algorithms were accepted in 1998 and presented at a public conference, and open debate on their merits followed. The requirements were a symmetric block cipher operating on 128-bit blocks with key sizes of 128, 192 and 256 bits, strong enough to protect sensitive (unclassified) government data, and published as an unclassified algorithm available royalty-free worldwide. In August 1999 NIST named five finalists: MARS (IBM), RC6 (RSA), Twofish (Counterpane Systems), Serpent (a team including the University of Cambridge) and Rijndael (jointly, Banksys/PWI and the Catholic University of Leuven). In October 2000 NIST selected Rijndael, and AES was published as FIPS 197 in November 2001. Note that "AES-256" names the 256-bit key size, not the block size: all three key sizes use 128-bit blocks, and in practice AES is used inside an authenticated mode such as GCM rather than as a bare block cipher.
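As an added example (not code from the original page), the following Go program shows AES used the way a practitioner uses it today: in GCM mode, which authenticates as well as encrypts, with a fresh random nonce per message. The function names, the sample plaintext and the "record-42" context string are constructed for this illustration; the key-size behaviour (16, 24 or 32 bytes accepted, anything else rejected) is that of the standard library's crypto/aes.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// sealAESGCM encrypts and authenticates plaintext under key with AES in GCM
// mode. AES always works on 128-bit blocks; the key must be 16, 24 or 32
// bytes (AES-128, AES-192 or AES-256), otherwise aes.NewCipher returns a
// KeySizeError. aad is authenticated but not encrypted (e.g. a record id).
// The result is nonce || ciphertext || tag, so the caller stores one blob.
func sealAESGCM(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	// A fresh random 96-bit nonce per message: reusing a nonce under the
	// same key breaks both confidentiality and integrity in GCM.
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// openAESGCM reverses sealAESGCM. Any change to the nonce, ciphertext, tag
// or aad makes gcm.Open fail, so tampering is detected before any plaintext
// is released.
func openAESGCM(key, blob, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize()+gcm.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	nonce, ciphertext := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ciphertext, aad)
}

func main() {
	key := make([]byte, 32) // 256-bit key, i.e. AES-256
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		panic(err)
	}
	aad := []byte("record-42") // constructed sample context; not secret
	blob, err := sealAESGCM(key, []byte("constructed sample plaintext"), aad)
	if err != nil {
		panic(err)
	}
	pt, err := openAESGCM(key, blob, aad)
	fmt.Printf("decrypted: %q err=%v\n", pt, err)

	blob[len(blob)-1] ^= 1 // flip one bit of the authentication tag
	_, err = openAESGCM(key, blob, aad)
	fmt.Println("after tampering, error is non-nil:", err != nil)

	_, err = sealAESGCM(make([]byte, 20), nil, nil)
	fmt.Println("20-byte key rejected:", err != nil)
}
```

The decision to return one blob with the nonce prepended is deliberate: a nonce is not secret, but it must be stored with the ciphertext, and keeping them together removes a common source of bugs.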

API (Application Programming Interface): Software applications such as spreadsheets or word processors use a defined set of calls and message formats, the API, to communicate with the operating system, a database management system or other system programs. Vendors publish APIs so that customers can integrate applications directly from their desktops. From a security standpoint an API is a trust boundary: every parameter it accepts from a less trusted caller must be validated, and authentication and authorization apply to API calls just as they do to interactive logins. Using well-specified, standard APIs rather than ad hoc interfaces makes that boundary easier to enforce and so helps safeguard business-critical data.

Assurance: Security-conscious organizations provide assurance to users, partners and customers by demonstrating, and periodically re-validating, that the claimed level of security protection is actually being enforced. Assurance is evidence rather than promises: security testing and penetration tests, audits, vulnerability scanning, independent evaluations and documented policy management are assurance techniques, as are the operational measures (such as virus protection and support services) whose effectiveness they verify.

Availability: To be secure, computer resources must be ready for use by authorized users when they need them. Availability covers systems, data, networks and applications, and is threatened by hardware failure, misconfiguration and denial-of-service attacks as much as by intrusion.

Authentication: Authentication is the procedure that verifies a claimed identity. It establishes that the individual is who he or she claims to be, but by itself does not grant or change the individual's access rights. A user name identifies; a password (something you know), a token (something you have) or a biometric scan (something you are) authenticates.

Authorization: This phase of security admits only legitimate users to systems, data, applications or networks. After the user is authenticated, he or she is authorized, that is, granted specific permissions on specific resources. Authorization decisions should follow least privilege: grant only the operations a user needs, and deny anything not explicitly allowed. The access code (an identification number or password) used to gain entry to a local or remote computer system belongs to authentication, not to authorization.
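The four terms access control, accountability, authentication and authorization fit together in one sequence. The Go program below is an added example, not from the original page: a caller's identity is authenticated (salted, stretched hash compared in constant time), the request is then authorized against a default-deny ACL, and every decision, allowed or not, is written to an audit log that names the user. The `system` type, the user names, passwords and the "payroll.db" resource are constructed assumptions, and the iterated-SHA-256 stretching loop stands in for a real memory-hard KDF.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"fmt"
	"time"
)

type Permission string

const Read, Write Permission = "read", "write"

// credential is a salted, stretched password hash. Iterated SHA-256 keeps the
// example dependency-free; production code uses Argon2id, scrypt or bcrypt.
type credential struct{ salt, hash []byte }

const stretchRounds = 50000

func stretch(password string, salt []byte) []byte {
	h := sha256.Sum256(append(append([]byte{}, salt...), password...))
	for i := 1; i < stretchRounds; i++ {
		h = sha256.Sum256(append(h[:], salt...))
	}
	return h[:]
}

func newCredential(password string) credential {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		panic(err)
	}
	return credential{salt, stretch(password, salt)}
}

// aclEntry is one explicit allow: (resource, user, operation). The ACL is a
// set of these and anything not in the set is denied; there is no deny list.
type aclEntry struct {
	resource, user string
	op             Permission
}

// system is a hypothetical in-memory identity store, ACL and audit log.
type system struct {
	users map[string]credential
	dummy credential // compared against for unknown users, see authenticate
	acl   map[aclEntry]bool
	log   []string // append-only audit trail, one line per access decision
}

func newSystem() *system {
	return &system{users: map[string]credential{}, dummy: newCredential("unused"), acl: map[aclEntry]bool{}}
}

func (s *system) addUser(name, password string) { s.users[name] = newCredential(password) }
func (s *system) grant(resource, user string, p Permission) { s.acl[aclEntry{resource, user, p}] = true }

// authenticate verifies a claimed identity and nothing else. Unknown users are
// still hashed against a dummy credential so response time does not reveal
// whether the name exists, and the hash comparison is constant-time.
func (s *system) authenticate(user, password string) bool {
	cred, known := s.users[user]
	if !known {
		cred = s.dummy
	}
	match := subtle.ConstantTimeCompare(stretch(password, cred.salt), cred.hash) == 1
	return match && known
}

// authorize decides whether an authenticated user may perform p on resource.
// A missing map key reads as false, which is the default-deny rule.
func (s *system) authorize(user, resource string, p Permission) bool {
	return s.acl[aclEntry{resource, user, p}]
}

// access runs the full sequence, authenticate then authorize, and records the
// outcome either way so that failed attempts are traceable to a name too.
func (s *system) access(user, password, resource string, p Permission) (bool, string) {
	ok, reason := false, "allowed"
	if !s.authenticate(user, password) {
		reason = "authentication failed"
	} else if !s.authorize(user, resource, p) {
		reason = "not authorized"
	} else {
		ok = true
	}
	s.log = append(s.log, fmt.Sprintf("%s user=%s op=%s resource=%s allowed=%t reason=%q",
		time.Now().UTC().Format(time.RFC3339), user, p, resource, ok, reason))
	return ok, reason
}

func main() {
	s := newSystem()
	s.addUser("alice", "correct horse battery staple") // constructed sample data
	s.grant("payroll.db", "alice", Read)
	s.access("alice", "correct horse battery staple", "payroll.db", Read)  // allowed
	s.access("alice", "correct horse battery staple", "payroll.db", Write) // not authorized
	s.access("mallory", "unused", "payroll.db", Read)                       // authentication failed
	fmt.Println(len(s.log), "audit lines, last:", s.log[2])
}
```

Two details carry the security point: `authenticate` returns `match && known`, so even a guess that happens to equal the dummy password cannot log in as a non-existent user, and `authorize` has no deny branch at all, because absence from the ACL is the denial.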

Biometrics: Biometrics is the measurement of physical or behavioural characteristics, used in computer security as an authentication technique. The most common are fingerprint, face, iris and voice recognition. Biometrics is expected to become increasingly important in e-business transactions as a way to detect fraudulent users. Two caveats apply: matching is probabilistic, so every biometric system has a false-accept and a false-reject rate that must be tuned against each other; and unlike a password, a compromised biometric cannot be changed, so stored templates must be protected and biometrics are best used as one factor alongside another.

CDSA (Common Data Security Architecture): CDSA is a layered security middleware architecture, originally developed by Intel and later standardized by The Open Group, that gives all components of a computer system or network a common security infrastructure shared by many applications. It is based on cryptography and digital certificate management and supports a variety of programming environments. CDSA is organized in four layers: at the bottom, the service provider modules (cryptographic service providers, certificate libraries, trust policy modules and data storage modules); above them the Common Security Services Manager (CSSM), which loads those modules and dispatches calls to them; then layered system security services; and at the top, the applications that perform secure, certificate-based transactions.

Certificate: The most common kind of credential in the network computing environment. A certificate binds a public key to an identity: it contains the owner's public key, a globally unique name for the owner, a validity period (issue and expiration dates), the issuer's name, and the issuer's digital signature over all of these, which is what makes the binding trustworthy. Certificates may also carry application-specific data such as a title, degrees earned or professional licenses. Certificates are also called digital certificates.

Certificate authority: In the pre-Internet world, every secure transaction involved a trusted third party, such as a notary, attorney or broker, who could guarantee that both parties were who they purported to be. A Certificate Authority (CA) fills the same role in the digital world. A CA vendor, such as VeriSign or Entrust, issues certificates that contain the identities and affiliations of individuals along with their public keys, and signs each certificate with the CA's own private key; the signed certificates are then published in a directory. The sender's software looks up the recipient's certificate in the directory and encrypts the message using the public key embedded in it. The sender can also sign the message with his own private key, and the recipient verifies the signature using the sender's public key, which the CA vouches for. The recipient must actually check that vouching before relying on it: the certificate's signature must chain to a CA the recipient trusts, the certificate must be within its validity period and not revoked, and the name in it must match the party the recipient expects.
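The certificate and CA mechanics of the two entries above, as an added Go example that is not code from the original page or from any CA vendor: a self-signed root acts as the trusted third party and issues a certificate binding a name to a public key; a recipient then verifies the subject name, the chain to a trusted root and the validity window before accepting a signature made with the matching private key. The CA name, the subject names and the message are constructed for the example, and revocation checking is deliberately left out.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func newKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }

// mint signs tmpl with signer (whose certificate is parent) and parses the result.
func mint(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// newCA creates the trusted third party: a self-signed certificate whose
// private key will vouch for other parties' public keys.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := newKey()
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}
	cert, err := mint(tmpl, tmpl, &key.PublicKey, key)
	return cert, key, err
}

// issue has the CA sign a certificate binding subject to pub, valid for ttl.
// The CA sees only the public key; the subject's private key never leaves them.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, subject string, pub *ecdsa.PublicKey, ttl time.Duration) (*x509.Certificate, error) {
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 64)) // unique per CA
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: serial,
		Subject:      pkix.Name{CommonName: subject},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(ttl),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	return mint(tmpl, ca, pub, caKey)
}

// verifyCert is what a recipient must do before relying on a certificate:
// check the name, then that it chains to a CA in roots, is within its validity
// window and is permitted for this use. Revocation (CRL/OCSP) is omitted here.
func verifyCert(cert *x509.Certificate, roots *x509.CertPool, expectSubject string) error {
	if cert.Subject.CommonName != expectSubject {
		return fmt.Errorf("certificate is for %q, expected %q", cert.Subject.CommonName, expectSubject)
	}
	_, err := cert.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

// The sender signs with the private key; the recipient verifies with the
// public key taken from the sender's (already verified) certificate.
func signMessage(key *ecdsa.PrivateKey, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return ecdsa.SignASN1(rand.Reader, key, digest[:])
}

func verifyMessage(cert *x509.Certificate, msg, sig []byte) bool {
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	digest := sha256.Sum256(msg)
	return ok && ecdsa.VerifyASN1(pub, digest[:], sig)
}

func main() {
	ca, caKey, _ := newCA("Example Root CA") // constructed sample names
	aliceKey, _ := newKey()
	aliceCert, _ := issue(ca, caKey, "alice@example.com", &aliceKey.PublicKey, time.Hour)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	msg := []byte("pay bob 10")
	sig, _ := signMessage(aliceKey, msg)
	fmt.Println("chain error:", verifyCert(aliceCert, roots, "alice@example.com"))
	fmt.Println("signature valid:", verifyMessage(aliceCert, msg, sig))
}
```

Note the order in `verifyCert`: the name check comes first, because a chain that validates perfectly for the wrong subject is exactly the case an attacker with any legitimately issued certificate would present.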

Confidentiality: keeping information protected from unauthorized disclosure or viewing.

Content filtering: A content-filtering application accepts or rejects data